an approach to separation of duties validation for mils
play

An approach to Separation of Duties validation for MILS security - PowerPoint PPT Presentation

Sep 01, 2022 •164 likes •445 views

An approach to Separation of Duties validation for MILS security configurations Semen Kort, Dmitry Kulagin, Ekaterina Rudina Future Technologies Kaspersky Lab The objectives Discover the Describe how the Describe the

  1. An approach to Separation of Duties validation for MILS security configurations Semen Kort, Dmitry Kulagin, Ekaterina Rudina Future Technologies Kaspersky Lab

  2. The objectives    Discover the Describe how the Describe the situations requiring Separation of approach(es) to the cooperation of Duties may help in the validation of separated MILS keeping the main SoD requirement Domains properties provided fulfillment by MILS Platform

  3. Kaspersky Security System on the MILS Platform

  4. Security policy How the security policy addresses the ? concern of Separation of Duties on MILS platform? SoD requirement

  5. Security policy Challenges ? • Validation of SoD without any regard to the policy implemented by Security Server • Formal definition of SoD requirement to validate • Acceptable complexity of the validation algorithm SoD requirement

  6. Capability-based security policy CFG language Security configuration Challenges ? • Validation of configuration without any regard to the policy implemented by Security Server • Formal definition of SoD requirement to validate • Acceptable complexity of the validation algorithm SoD requirement

  7. Security configuration • Associates security policies to the particular types of communication and security-related events • CFG file is compiled into the code of Security Runtime 7

  8. levels: [“unclassified”, “confidential”, “secret”, “top-secret”] entity communicator { call in = allow; call out = allow; execute default = allow; mls.json } entity communicator { call in = allow; call out = allow; entity test { call in = allow; call in org.date.SetDate = mls_write; call out = allow; call in org.date.GetDate = mls_read; execute default = allow; execute default = mls_init(“top-secret”); } } entity test { call in = allow; call out = allow; execute default = mls_init(“unclassified”); execute mls(level) = mls_init(level); } simple.cfg advanced.cfg

  9. Case 1 The approach The approach fits the following needs Verifies that the rights are transferred to Facilitates the separation of duties and subjects that do not have the conflicting the keeps the proper isolation of groups rights of subjects on the MILS platform MILS Domains may share the resources and cooperate, but we need the guarantees that the single Domain is incapable of overcoming the policy constraints and getting excessive privileges

  10. Case 2 The approach The approach fits the following needs Verifies the monopoly access to the Facilitates the scenarios requiring critical resource for any Domain at any sequential actions on the same moment of time resource that are separated due to trustworthiness concerns MILS Domains may implement different actions but their coordination into sequence without the “trusted” coordinating domain is a challenge

  11. Case 1

  12. Capability-based security policy CFG language Security configuration Challenges ? • Formal definition of SoD requirement to validate • Acceptable complexity of the validation algorithm SoD requirement

  13. Capability-based security policy CFG language Security configuration ? OpSSoD requirement RBAC OpSSoD Semi-formal SoD requirement for the definition requirement particular Role-based access control configuration

  14. Capability-based security policy CFG language Security configuration ? OpSSoD requirement SoD requirement Role-based access control

  15. Capability-based security policy CFG SPM metamodel language Security configuration CFG model in ? SPM OpSSoD requirement SoD requirement Role-based access control

  16. KSS security configurations in terms of Schematic Protection Model KSS CFG SPM What concepts we consider How the model reflects these concepts Capability Ticket Capability type Type of the ticket ‘Call’ policies allowing the interaction of entities Link predicate Constraints on the rights transferred within capability Filter function ‘Execute’ policies / predefined rules for entities Can-create predicate Capability transfer/derive mechanisms Attenuation of privilege

  17. Capability-based security policy CFG SPM metamodel language Security configuration CFG model in ? SPM OpSSoD requirement in SPM OpSSoD requirement SoD requirement Role-based access control

  18. OpSSoD requirement in terms of Schematic Protection Model Resource Subject/Type1 Subject/Type2

  19. Capability-based security policy CFG SPM metamodel language Security configuration CFG model in ? Criteria for SPM validation the OpSSoD OpSSoD for Security requirement configuration in SPM OpSSoD requirement SoD requirement Role-based access control

  20. Criteria for validation the OpSSoD for Security configuration Check whether Create the the scheme is scheme Create “fully Check the acyclic according to unfolded” state criteria fulfillment (always CFG attenuating)

  21. Capability-based security policy CFG SPM metamodel language Security configuration CFG model in ? Criteria for SPM validation Validation the OpSSoD process OpSSoD for Security requirement configuration in SPM OpSSoD requirement OpSSoD SoD requirement for the requirement particular Role-based access control configuration

  22. Case 2

  23. Capability-based security policy CFG language Security configuration Challenges ? In terms of SPM • The subject can't transfer the right for the monopoly access to the resource SoD Monopoly access to • The right can't be removed (the scheme is requirement resource transferred monothonic) between subjects

  24. The new type of rights contained by capabilities  The Linear Rights • Only one subject may possess this right at every moment of time • When the capability with the linear right is revoked, this right will be given back to the parent The idea of linear rights allows addressing the requirements to the monopoly access to resources

  25. Capability-based security policy CFG Linear Rights language Security configuration ? Validation of the Validation constraints related process to the use of simple/linear rights Simple rights SoD Monopoly access to requirement resource transferred between subjects

  26. Linear rights  Main aspects The single linear right may be added to the scheme without the violation of already verified SoD properties Thus, we can combine the SoD aspect proven as in the Case 1 and fine-grained monopoly access to the resources where needed The linear right can’t be combined with the appropriate simple right. This constraint must be checked before applying the configuration

  27. Future work  The open question: verification for the composition of the capability- based control with other policies  More types of Separation of Duties  More applications/case scenarios to verify

  28. LET’S TALK? Kaspersky Lab HQ 39A/3 Leningradskoe Shosse Moscow, 125212, Russian Federation Tel: +7 (495) 797-8700 www.kaspersky.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The MILS Component Integration Approach To Secure Information Sharing Carolyn Boettcher,

The MILS Component Integration Approach To Secure Information Sharing Carolyn Boettcher,

The MILS Component Integration Approach To Secure Information Sharing Carolyn Boettcher, Raytheon, El Segundo CA Rance DeLong, LynuxWorks, San Jose CA John Rushby, SRI International, Menlo Park CA Wilmar Sifre, AFRL/RITB, Rome NY Boettcher,

414 views • 27 slides
Validation of an Unstructured Overset Mesh Method for CFD Analysis of Store Separation D. Snyder

Validation of an Unstructured Overset Mesh Method for CFD Analysis of Store Separation D. Snyder

Validation of an Unstructured Overset Mesh Method for CFD Analysis of Store Separation D. Snyder presented by R. Fitzsimmons Stores Separation Introduction Flight Test Expensive, high-risk, sometimes catastrophic loss of aircraft

210 views • 20 slides
MILS C Compl plete S ete Separa rati tion P n Platf tform orm P Protec ecti tion n

MILS C Compl plete S ete Separa rati tion P n Platf tform orm P Protec ecti tion n

MILS C Compl plete S ete Separa rati tion P n Platf tform orm P Protec ecti tion n Profi file le MILS CSP PP Viola Saftig, Dr. Igor Furgel Telekom Security - T-SYSTEMS INTERNATIONAL GmbH Content/Agenda 01 Motivation 02 MILS CSP

751 views • 23 slides
BRUNSWICK MILS Urban Design Presentation Introduction Structure of this presentation:

BRUNSWICK MILS Urban Design Presentation Introduction Structure of this presentation:

BRUNSWICK MILS Urban Design Presentation Introduction Structure of this presentation: Section 1: The overarching approach/methodology for the urban design analysis Section 2: The specific urban design rationales for the MILS precincts

481 views • 24 slides
A Hierarchal Approach to Validation Experiments in Magnetic Fusion Science Validation

A Hierarchal Approach to Validation Experiments in Magnetic Fusion Science Validation

A Hierarchal Approach to Validation Experiments in Magnetic Fusion Science Validation Experiments Working Group US Transport Task Force P.W. Terry, T. Carter, C. Hegna, C. Holland, M. GIlmore, M. Greenwald, B. LaBombard, R. Majeski, D.E.

593 views • 24 slides
Compositional Security Evaluation: The MILS approach John Rushby and Rance DeLong Computer

Compositional Security Evaluation: The MILS approach John Rushby and Rance DeLong Computer

Compositional Security Evaluation: The MILS approach John Rushby and Rance DeLong Computer Science Laboratory SRI International Menlo Park CA USA Primary affiliation: LynuxWorks John Rushby, Rance DeLong, SR I Compositional Security

466 views • 25 slides
Workshop on process validation Session 2: Enhanced approach Kowid Ho Process validation for

Workshop on process validation Session 2: Enhanced approach Kowid Ho Process validation for

Workshop on process validation Session 2: Enhanced approach Kowid Ho Process validation for process development following traditional vs enhanced approach Same objective: To establish scientific evidence that a process is capable of

347 views • 6 slides
A model of solid-liquid separation of mining slurries: experimental validation and scale-up M.

A model of solid-liquid separation of mining slurries: experimental validation and scale-up M.

A model of solid-liquid separation of mining slurries: experimental validation and scale-up M. Larenas & P. Garrido Centro de Investigacin JRI mlarenas@jri.cl, pgarrido@jri.cl www.ci-jri.cl Contents Context The model Experimental

802 views • 22 slides
A Classification Approach to Single Channel Source Separation CS 6772 Project Ron Weiss

A Classification Approach to Single Channel Source Separation CS 6772 Project Ron Weiss

A Classification Approach to Single Channel Source Separation CS 6772 Project Ron Weiss ronw@ee.columbia.edu A Classication Approach to Single Channel Source Separation p. 1/8 Single Channel Source Separation Speech Babble noise

644 views • 8 slides
Tuesday 9 th April 2013 Process Validation-Enhanced Approach Continuous Process Verification

Tuesday 9 th April 2013 Process Validation-Enhanced Approach Continuous Process Verification

EMA Expert Workshop on Validation of Manufacturing for Biological Medicinal Products Tuesday 9 th April 2013 Process Validation-Enhanced Approach Continuous Process Verification Brendan Hughes Agenda Definition and purpose of validation

730 views • 18 slides
Compositional Certification for MILS John Rushby Computer Science Laboratory SRI International

Compositional Certification for MILS John Rushby Computer Science Laboratory SRI International

Compositional Certification for MILS John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Compositional Cert for MILS: 1 Intuitive Security Architecture Almost all system designs are portrayed in

548 views • 28 slides
MILS Research Montage MILS Research Montage LAW LAW Work-In-Progress Session Work-In-Progress

MILS Research Montage MILS Research Montage LAW LAW Work-In-Progress Session Work-In-Progress

MILS Research Montage MILS Research Montage LAW LAW Work-In-Progress Session Work-In-Progress Session December 6, 2011 December 6, 2011 Rance DeLong Rance DeLong Consulting Researcher Consulting Researcher 1 MILS Efforts Overview

772 views • 26 slides
Tuesday 9 th April 2013 Process Validation-Enhanced Approach Scale down models Frank Zettl Key

Tuesday 9 th April 2013 Process Validation-Enhanced Approach Scale down models Frank Zettl Key

EMA Expert Workshop on Validation of Manufacturing for Biological Medicinal Products Tuesday 9 th April 2013 Process Validation-Enhanced Approach Scale down models Frank Zettl Key elements enhanced approach Extensive and intensive process

409 views • 16 slides
Legal Duties Legal Duties Legal duties to patient, employer, medical director, and public

Legal Duties Legal Duties Legal duties to patient, employer, medical director, and public

Chapter 4: Medical/Legal Issues Legal Duties Legal Duties Legal duties to patient, employer, medical director, and public Set by statutes and regulations Based on generally accepted standards Ethical Responsibilities Ethical

568 views • 20 slides
Engineering and Science: Science and . . . Why Separation into . . . How They Differ, Beyond

Engineering and Science: Science and . . . Why Separation into . . . How They Differ, Beyond

Outline of the Talk Original Approach: . . . From Full Cognition to . . . Science and . . . Engineering and Science: Science and . . . Why Separation into . . . How They Differ, Beyond Separation . . . and Why We Need Symmetries: Example

634 views • 14 slides
MILS Integration Protection Profile John Rushby, Rance DeLong a Computer Science Laboratory SRI

MILS Integration Protection Profile John Rushby, Rance DeLong a Computer Science Laboratory SRI

MILS Integration Protection Profile John Rushby, Rance DeLong a Computer Science Laboratory SRI International Menlo Park CA USA a Primary affiliation: LynuxWorks John Rushby, Rance DeLong, SR I MILS Integration PP: 1 Need for an Integration

533 views • 25 slides
Asymptotic Conformal Symmetry and Gravity Localisation in Brane Worlds K.S. Stelle Imperial

Asymptotic Conformal Symmetry and Gravity Localisation in Brane Worlds K.S. Stelle Imperial

Asymptotic Conformal Symmetry and Gravity Localisation in Brane Worlds K.S. Stelle Imperial College London Stringy Geometry Workshop Johannes Gutenberg-Universit at, Mainz September 16, 2015 A. Salam & E. Sezgin, Phys.Lett. B147 (1984)

483 views • 29 slides
M-theory and exact results in SUSY gauge theories Kazuo Hosomichi (YITP) 7 Feb 2012, Kyoto

M-theory and exact results in SUSY gauge theories Kazuo Hosomichi (YITP) 7 Feb 2012, Kyoto

M-theory and exact results in SUSY gauge theories Kazuo Hosomichi (YITP) 7 Feb 2012, Kyoto @YIPQS symposium 16 years after the 2 nd superstring revolution Superstring Revolution II ('95) Quantum equivalence relations among Dualities :

721 views • 35 slides
Iterated Function Systems = { h : S 1 S 1 : h = i n i 1 , i j { 1 ,

Iterated Function Systems = { h : S 1 S 1 : h = i n i 1 , i j { 1 ,

A semigroup with identity generated (w.r.t. the composition) by a family of diffeomorphisms = { 1 , . . . , k } on S 1 , Iterated Function Systems = { h : S 1 S 1 : h = i n i 1 , i j { 1 , . . . , k }} {

380 views • 6 slides
Individual Discrete Logarithm in GF( p k ) (last step of the Number Field Sieve algorithm) Aurore

Individual Discrete Logarithm in GF( p k ) (last step of the Number Field Sieve algorithm) Aurore

Individual Discrete Logarithm in GF( p k ) (last step of the Number Field Sieve algorithm) Aurore Guillevic INRIA Saclay / GRACE Team Ecole Polytechnique / LIX Asiacrypt 2015 Conference, Auckland, New Zealand, November 30 Aurore Guillevic

711 views • 51 slides
Secular Stagnation, Land Prices, and Collateral Constraints Zhifeng Cai UMN November 29, 2016

Secular Stagnation, Land Prices, and Collateral Constraints Zhifeng Cai UMN November 29, 2016

Secular Stagnation, Land Prices, and Collateral Constraints Zhifeng Cai UMN November 29, 2016 1 / 33 Motivation The 2007-2008 Financial Crisis differs considerably from other postwar recessions Larger declines of macro variables

1.33k views • 99 slides
Autonomous limit of 4-dimensional Painlev-type equations and degeneration of curves of genus two

Autonomous limit of 4-dimensional Painlev-type equations and degeneration of curves of genus two

Autonomous limit of 4-dimensional Painlev-type equations and degeneration of curves of genus two Akane Nakamura 2 the University of Sydney, Australia 9th March, 2016 2 Supported by the Australian Research Council. Akane Nakamura 3 Autonomous

982 views • 70 slides
G.Torrieri Ongoing work with Francesco Becattini This is an unpublished stuff me and Francesco

G.Torrieri Ongoing work with Francesco Becattini This is an unpublished stuff me and Francesco

A non-perturbative definition of fluctuating hydrodynamics, based on Zubarev hydrodynamics and Crooks theorem G.Torrieri Ongoing work with Francesco Becattini This is an unpublished stuff me and Francesco are still discussing. Dont take any of

1.1k views • 60 slides
LECTURE 9: WORKING TOGETHER An Introduction to Multiagent Systems

LECTURE 9: WORKING TOGETHER An Introduction to Multiagent Systems

LECTURE 9: WORKING TOGETHER An Introduction to Multiagent Systems http://www.csc.liv.ac.uk/mjw/pubs/imas/ Lecture 9 An Introduction to Multiagent Systems 1 Working Together Why and how to agents work together? Important to make a

290 views • 14 slides

More recommend